On Wed, 17 Aug 2005 08:16:04 CDT, "Madison, Marc" said: > lab has compiled hashes of know child porn, they use the hashes to > perform quick scans of suspected criminals computers in order to > facilitate a quicker response to the investigating agency in the case.
OK.. So we found the hash, therefor the guy is guilty.. > And if I'm not mistaken Metasploit with out any changes is extremely > noisy which makes it easy to identify as Metasploit. And if we're facilitating a "quicker response", how do we reconcile that with taking the time to identify a Metasploit that *has* been changed to be less noisy? "We found the hash, we didn't see any signs of a stock noisy Metasploit, and it would have taken too long to look for a modified Metasploit version we've never seen before, so the guy is guilty..." I think that's *exactly* the situation that Jason is complaining about...
pgpuOZPImeNBv.pgp
Description: PGP signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
